
osCommerce

The e-commerce.

Credit Card Processing System Question


packblitz

We process our credit cards through a POS Ethernet terminal. When an order comes in it uses the 'Credit Card' payment class. The first 4 and last 4 card digits and the expiration date get stored on the order (unencrypted). The middle 8 digits get stored in the database in a different nondescript table than the 'orders' table. When an order is printed out, it pulls the first 4 and last 4 card digits and the expiration date from the database. It also pulls the middle 8 from the nondescript table and puts them together on the invoice paper printout. As soon as the printout is done, the middle 8 digits are automatically erased from the nondescript table in the db. The paper printout is done over HTTPS.

Here's my question: is this secure, and if not, what can I do to improve this system's security?

Thanks! I'm going over the PCI compliance stuff and want to get it done correctly.


@packblitz

You CANNOT collect credit card information in that manner UNTIL YOU ARE ALREADY PCI DSS COMPLIANT. Also, the credit card module you are using will NOT pass PCI DSS compliance standards.

Chris


PCI compliance aside, most merchant accounts forbid the use of in-store POS terminals to process web (or any other non-in-person) card transactions. Having a physical card in hand is lower risk of fraud, and they can charge lower fees. If they catch you doing what it sounds like you're doing, you'll catch hell from them.


Archived

This topic is now archived and is closed to further replies.
